[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPD per interface?
At 2:16 PM -0400 8/21/01, Cambria, Mike wrote:
>Does IPsec allow each interface to have its own SPD? That is, for a given
>set of selectors, one interface can have a different policy (e.g. encryption
>algorithm etc.) than a different interface.
>
>My reading of RFC2401 leads me to believe that this is indeed possible (pg
>13 bottom.)
>
> "... an SG had multiple external interfaces, it might be
>necessary to have separate SAD and SPD pairs for each interface."
>
yes, the SPD is nominally per-interface.
Steve
Follow-Ups:
References: